The big new law that might finally shake up digital privacy

The Health Insurance Portability and Accountability Act of 1996—commonly known as HIPAA—created a uniform legal framework for protecting medical records across the entire healthcare sector. Basically, one set of pro-consumer rules applicable to everyone. And as a result, patients don’t have to perform privacy-policy due diligence just to select a doctor.

If HIPAA had not been passed into law, the process for selecting a new doctor might look quite different than it does today. You would need to figure out how the doctor intended to use your medical records by struggling through a lengthy, legalese-heavy disclosure. You would need to determine who other than the doctor’s office could access your records, and whether they were authorized to sell health records to other parties. And you would need to continually monitor all of this, because the doctor could change policies at any time and, say, sell the practice’s entire medical record database wholesale.

Now contrast healthcare to the technology industry, which operates without a HIPAA-like charter. As it stands today the technology companies that provide the most popular digital services do business without enforceable mandates to protect personally identifiable information. And so consumers are forced to personally manage their own digital privacy even as a shadowy multi-multi-multi-billion data brokerage industry operates largely without regulation, selling data about you without your knowledge or approval. This is online “privacy” in the U.S. circa 2017.

Privacy isn’t an abstract concept. How it is defined and legislated determines what companies can and cannot do with your personal information. The primary obstacle to the U.S. enacting any sort of overarching privacy law is—wait for it—money. Personal data drives advertising networks, and advertising revenues are the lifeblood of technology and media businesses the world over.

If you’re someone concerned about personal privacy and the pervasiveness of digital surveillance, it’s unsatisfying how little discussion there is about online privacy rights in the U.S. Instead, it’s a lot of “Nothing to see here, carry on” from the titans of tech.